what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-07-09

Zoom X4 / X5 SQL Injection / Authentication Bypass
Posted Jul 9, 2013
Authored by Kyle Lovett

Zoom X4 and X5 modems suffers from authentication bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | e6d22d7021bfb287cc6ae6f292362183cb62e754091ade52c2acd1b0086f7d72
Microsoft Security Bulletin Summary For July, 2013
Posted Jul 9, 2013
Site microsoft.com

This bulletin summary lists 7 released Microsoft security bulletins for July, 2013.

tags | advisory
SHA-256 | 180019270f7e502d4291099c0b53cd007c7aa0e3cd85bffc2410d975895a3acd
Poor Man's Security Lab
Posted Jul 9, 2013
Authored by Josh Clark | Site chimera-security.com

Whitepaper called the Poor Man's Security Lab. It provides walk throughs for setting up various virtualized hosts.

tags | paper
SHA-256 | a46c8da5a0bbcc6e045f7533314b35492b482573a49ea4b0bc0f4954b92642f1
Linux 3.10 libceph Null Pointer Dereference
Posted Jul 9, 2013
Authored by Chanam Park

Linux kernel versions up to 3.10 suffer from a libceph null pointer dereference vulnerability.

tags | advisory, kernel
systems | linux
advisories | CVE-2013-1059
SHA-256 | 97fc632dd5328279c3f77035f5bedff6103ed9285f01dcac6d213e5c55b9bd44
Ubuntu Security Notice USN-1902-1
Posted Jul 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1902-1 - William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.

tags | advisory, ruby
systems | linux, ubuntu
advisories | CVE-2013-4073
SHA-256 | 17b6e172f6f500eb09224783bba48cd4ec53f79cee3f1b516d382ce45ce0368c
Posted Jul 9, 2013
Authored by Mike Davis | Site ioactive.com

IOActive Security Advisory - DASDEC-I and DASDEC-II from Digital Alert Systems (DAS), which are used in the Emergency Alert System, have an embedded root ssh key that enables an attacker to transmit false emergency information over a large geographic area.

tags | exploit, root
SHA-256 | b32108bd2c0d9441bb1f18cfa9a0bc8a321063c45c679b287a55fffbc1d67034
Apache CXF 2.5.10 / 2.6.7 / 2.7.4 Denial Of Service
Posted Jul 9, 2013
Authored by A. Falkenberg, Joerg Schwenk, Juraj Somorovsky, Christian Mainka | Site sec-consult.com

Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-2160
SHA-256 | bd800eccaafd0f41d9a2aa6be1e7ad144231f64eaa6af3b4f06fce8a84901843
Technical Cyber Security Alert 2013-190A
Posted Jul 9, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-190A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 597aa48cf8f13d8e76203ceb06c30e1a55cac7e00bffd1c1461cda21c9c6e258
Red Hat Security Advisory 2013-1028-01
Posted Jul 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1028-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 roll up patch 1 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5575, CVE-2013-0269, CVE-2013-1821, CVE-2013-2160
SHA-256 | dbfdd55df544378dcc45bbf34e83daecacebea4051e3922e1233975573bd1954
Digital Whisper Electronic Magazine #43
Posted Jul 9, 2013
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 43. Written in Hebrew.

tags | magazine
SHA-256 | 92c4e2b59d270500c8f8a66357e2d864f89bc5ed73512733e091f655fc582cb1
Red Hat Security Advisory 2013-1026-01
Posted Jul 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1026-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-1773, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848
SHA-256 | b2762b397b08d9221223dfd977b06176c19c33b3c398947bbd9f500e79632400
Joomla Attachments Shell Upload
Posted Jul 9, 2013
Authored by Stars Hacking Team

Joomla Attachments component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1118e6723abe23812d4c09d598a6d831cec1b36454e39e2b9c1ca53527c34578
ERS Viewer 2013 ERS File Handling Buffer Overflow
Posted Jul 9, 2013
Authored by James Fitts, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user provided data in a insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2013 (versions on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3482, OSVDB-93650
SHA-256 | 34af08f8dddf30575d54f3ae715a7d1578f9f140985dc2fe0ec36bc406b9b344
OATH Toolkit 2.2.0
Posted Jul 9, 2013
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: This release adds functions for creating PSKC data to libpskc. In liboath, it permits different passwords for different tokens for the same user. It improves building from git with the most recent automake and gengetopt. Valgrind is not enabled by default. The liboath header file is usable from C++ (extern "C" guard).
tags | tool
systems | unix
SHA-256 | aac15aaf0d03d26bf50d2e8bdac74ca9d7211dd4cf20047e529390d3ebdd7df1
Ubuntu Security Notice USN-1901-1
Posted Jul 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1901-1 - Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2012-0037
SHA-256 | 129bfa80ff19162520bf13eed9fe89bfddd3574089068101f024e5bd08c06df6
Sanewall 1.1.4
Posted Jul 9, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: "sanewall save" now creates two files, which is what most init systems expect. "sanewall status" now identifies which blocks are IPv6 or IPv4. "sanewall condrestart" now follows convention by only restarting if already running. Various programs and files are now detected at configure-time rather than run-time.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 1d43aaccbe3da7de634097317cf9714ebe9b35ed10bc08f213f6214f84e9bdeb
Page 1 of 1

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By